Skip to content

Refactor audit events for User-adjacent services

What does this MR do and why?

Adds audit event types for User-adjacent services. Refactors associated API helpers to use Gitlab::Audit::Auditor to build audit events.

This affects the following services:

  • ee/app/services/ee/emails/create_service.rb
  • ee/app/services/ee/applications/create_service.rb
  • ee/app/services/ee/keys/create_service.rb
  • ee/app/services/audit_events/user_impersonation_group_audit_event_service.rb
  • ee/app/controllers/smartcard_controller.rb


Previous code in ee/app/services/ee/applications/create_service.rb was auditing events in a strange way - it set the target as a User, but used the application's id and name as target_id and target_details. It's unclear if this was a special case for AuditEventService, but I don't know that the new audit method can bend this far to keep event details consistent. This may be seen as either a bug fix or a breaking change.

ee/app/services/ee/keys/create_service.rb does something similar.


The following actions should generate audit events in DB:

  • create email
  • create OAuth application
  • create an SSH/GPG key
  • impersonate a user
  • Smartcard authentication (verification steps?)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #374107 (closed)

Edited by Aaron Huntsman

Merge request reports